Throughout this chapter, we saw how we could test MySQL databases, VoIP services, and SCADA systems for a number of vulnerabilities. We saw how an attacker gaining access to just the database could end up having system-level access. We also saw how vulnerabilities in ICS and SCADA can lead an attacker to compromise an entire server, which may result in enormous damage, and we saw how PBX deployed in various companies can be used not only to spoof calls but to compromise the whole client system. To practice your skills, you can perform the following further exercises at your own pace:
- Try testing MSSQL and PostgreSQL databases and make a note of the modules.
- Download other software-based SCADA systems and try exploiting them locally.
- Try to run system commands for MSSQL.
- Resolve error 13 on MySQL for writing files onto the server.
- The database testing covered in this chapter was performed on Metasploitable 2. Try setting up the same environment locally and repeat the exercise...